[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Returning single values from multivalued attributes

To: d.w.chadwick@salford.ac.uk
Subject: Re: Returning single values from multivalued attributes
From: mcs@netscape.com (Mark C Smith)
Date: Mon, 09 Aug 1999 14:17:05 -0400
Cc: ietf-ldapext@netscape.com
Organization: Netscape Communications
References: <E11CtbI-0000KT-00@tantalum.btinternet.com>
Resent-date: Mon, 09 Aug 1999 11:18:16 -0700 (PDT)
Resent-from: ietf-ldapext@netscape.com
Resent-message-id: <"qe3OQB.A.aGB.Mtxr3"@glacier>
Resent-sender: ietf-ldapext-request@netscape.com

David Chadwick wrote:
> 
> Mark Smith wrote
> 
> > I lean towards (i) but I'd like to have more discussion about this -- both
> > about how people envision using this feature and how the existing feature
> > works in X.500 DAP.  Can you explain exactly how the matchedValuesOnly
> > argument works in DAP?  I find the text in X.511 to be quite confusing.
> > Some basic questions I have:
> >
> > a) Does matchedValuesOnly affect single-valued attributes or just
> > multivalued ones?
> 
> Its effect on a single valued attribute is null.

I find it surprising and confusing that the behavior is different when
an attribute has multiple values vs. when it only has one.  Just so I
understand how this works, here's an example.  Suppose entry E1 has one
userCertificate value and entry E2 has two such values.  Further suppose
that a client wants to always retrieve the cn attribute from an entry
but wants to receive a userCertificate value only if the cert value
presented in a filter matches one of the certs present in the entry. 
For E1, this will require two search operations (base search to grab the
cn and another to test for the cert) but for E2 it can be done in one
(base search with a filter like
"(|(cn=*)(userCertificate;binary=<DER>))" with matchedValuesOnly set to
TRUE).  Correct?  Or by "single valued attribute" do you mean an
attribute type that allows multiple values?  Technically, the filter I
present above won't work because presence and equality filters don't
work with matchedValuesOnly (see below).

> 
> >
> > b) Can matchedValuesOnly be used with equality filters?
> 
> No, but the easy work around to this is to put the equality filter in the
> extended filter element of the search.

I'd like to see us fix this problem when we define a matched values only
control for LDAPv3.  Presence filters are not allowed either.  This
seems like an unnecessary limitation to me.

-- 
Mark Smith
iPlanet Directory Architect / Sun-Netscape Alliance
My words are my own, not my employer's.   Got LDAP?

Follow-Ups:
- Re: Returning single values from multivalued attributes
  - From: Helmut Volpers <helmut.volpers@icn.siemens.de>
- Re: Returning single values from multivalued attributes
  - From: Bruce Greenblatt <bgreenblatt@dtasi.com>

References:
- Re: Returning single values from multivalued attributes
  - From: David Chadwick <d.w.chadwick@salford.ac.uk>

Prev by Date: RE: Nested SearchRequests
Next by Date: Re: Returning single values from multivalued attributes
Index(es):
- Chronological
- Thread